U.S. patent application number 14/921871 was filed with the patent office on 2017-04-27 for authorizing i/o commands with i/o tokens.
The applicant listed for this patent is Pure Storage, Inc.. Invention is credited to John Hayes, Robert Lee.
Application Number | 20170118028 14/921871 |
Document ID | / |
Family ID | 58557998 |
Filed Date | 2017-04-27 |
United States Patent
Application |
20170118028 |
Kind Code |
A1 |
Hayes; John ; et
al. |
April 27, 2017 |
AUTHORIZING I/O COMMANDS WITH I/O TOKENS
Abstract
A method for authorizing I/O (input/output) commands in a
storage cluster is provided. The method includes generating a token
responsive to an authority initiating an I/O command, wherein the
token is specific to assignment of the authority and a storage node
of the storage cluster. The method includes verifying the I/O
command using the token, wherein the token includes a signature
confirming validity of the token and wherein the token is
revocable.
Inventors: |
Hayes; John; (Mountain View,
CA) ; Lee; Robert; (Mountain View, CA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Pure Storage, Inc. |
Mountain View |
CA |
US |
|
|
Family ID: |
58557998 |
Appl. No.: |
14/921871 |
Filed: |
October 23, 2015 |
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
G06F 12/1458 20130101;
G06F 2212/1052 20130101; H04L 9/0891 20130101; H04L 9/3213
20130101; G06F 11/1612 20130101; G06F 3/0622 20130101; G06F 21/40
20130101; H04L 9/0894 20130101; G06F 3/0688 20130101; G06F 11/1425
20130101; G06F 3/0659 20130101; H04L 9/3247 20130101; H04L 9/3268
20130101; G06F 11/00 20130101; G06F 2201/83 20130101 |
International
Class: |
H04L 9/32 20060101
H04L009/32; G06F 12/14 20060101 G06F012/14; G06F 21/40 20060101
G06F021/40; G06F 3/06 20060101 G06F003/06 |
Claims
1. A method for authorizing I/O (input/output) commands in a
storage cluster, the method comprising: generating a token
responsive to an authority initiating an I/O command, wherein the
token is specific to assignment of the authority and a storage node
of the storage cluster; and verifying the I/O command using the
token, wherein the token includes a signature confirming validity
of the token and wherein the token is revocable.
2. The method of claim 1, wherein the token is revoked by exceeding
a time interval associated with the token.
3. The method of claim 1, wherein the signature is associated with
a plurality of storage nodes and wherein the plurality of storage
nodes represents a quorum of signers of the token.
4. The method of claim 3 wherein the quorum of signers represents a
majority of the plurality of storage nodes.
5. The method of claim 1, wherein the signature is associated with
one or more signers spread across a plurality of storage nodes of
the storage cluster.
6. The method of claim 1, further comprising: voting to reassign
the storage node that is executing the authority; establishing the
authority in one of a plurality of storage nodes differing from the
storage node that is being reassigned.
7. The method of claim 1, wherein the I/O command pertains to one
of data to be written to non-volatile random-access memory (NVRAM)
or data to be written to or read from a data stripe across a
plurality of storage units.
8. A storage cluster that authorizes I/O (input/output) commands
with I/O tokens, comprising: a plurality of storage nodes coupled
to form the storage cluster; each of the plurality of storage nodes
having one or more storage units; each of the one or more storage
units having random-access memory (RAM) and non-volatile
solid-state storage memory; at least a subset of the plurality of
storage nodes having one or more authorities configured to issue
I/O commands and generate tokens, wherein a token accompanies each
I/O command, the token specific to an authority issuing the I/O
command and specific to the storage node having the authority, each
of the one or more storage units is configured to verify the I/O
commands using the token, and wherein the token includes a
signature confirming validity of the token and wherein the token is
revocable.
9. The storage cluster of claim 8, wherein the token is revoked by
exceeding a time interval associated with the token.
10. The storage cluster of claim 8, wherein the signature is
associated with a subset of the plurality of storage nodes and
wherein the subset of the plurality of storage nodes represents a
quorum of signers of the token.
11. The storage cluster of claim 10, wherein the quorum of signers
represents a majority of the plurality of storage nodes.
12. The storage cluster of claim 8, wherein the signature is
associated with one or more signers distributed across the
plurality of storage nodes.
13. The storage cluster of claim 8, wherein the I/O commands
pertain to one of data to be written to non-volatile random-access
memory (NVRAM) or data to be written to or read from a data stripe
across a plurality of storage units.
14. A storage node that authorizes I/O (input/output) commands in a
storage cluster, the storage node comprising: a processor; one or
more storage units having random-access memory (RAM) and
non-volatile solid-state storage memory; the processor of the
storage node configured to issue an I/O command with a token on
behalf of an authority in the storage node, wherein the token is
specific to the storage node and the authority, the token has a
signature confirming validity of the token and wherein the token is
revocable.
15. The storage node of claim 14, wherein the token is revoked by
exceeding a time interval associated with the token.
16. The storage node of claim 14, wherein the signature is
associated with a plurality of storage nodes in the storage cluster
and wherein the plurality of storage nodes represents a quorum of
signers of the token.
17. The storage node of claim 16, wherein the quorum of signers
represents a majority of the plurality of storage nodes.
18. The storage node of claim 14, wherein the signature is
associated with one or more signers distributed across the
plurality of storage nodes.
19. The storage node of claim 14, wherein other storage nodes of
the storage cluster are configured to vote to reassign the storage
node that is executing the authority and establish the authority in
one of the other storage nodes.
20. The storage node of claim 14, wherein the I/O commands pertain
to one of data to be written to non-volatile random-access memory
(NVRAM) or data to be written to or read from a data stripe across
a plurality of storage units.
Description
BACKGROUND
[0001] Solid-state memory, such as flash, is currently in use in
solid-state drives (SSD) to augment or replace conventional hard
disk drives (HDD), writable CD (compact disk) or writable DVD
(digital versatile disk) drives, collectively known as spinning
media, and tape drives, for storage of large amounts of data. Flash
and other solid-state memories have characteristics that differ
from spinning media. Yet, many solid-state drives are designed to
conform to hard disk drive standards for compatibility reasons,
which makes it difficult to provide enhanced features or take
advantage of unique aspects of flash and other solid-state memory.
In a storage cluster environment, it may be difficult to verify
communications between storage nodes, or such verification may
consume excessive communication bandwidth between storage
nodes.
[0002] It is within this context that the embodiments arise.
SUMMARY
[0003] In some embodiments, a method for authorizing I/O
(input/output) commands in a storage cluster is provided. The
method includes generating a token responsive to an authority
initiating an I/O command, wherein the token is specific to
assignment of the authority and a storage node of the storage
cluster. The method includes verifying the I/O command using the
token, wherein the token includes a signature confirming validity
of the token and wherein the token is revocable.
[0004] In some embodiments, a storage cluster that authorizes I/O
(input/output) commands with I/O tokens is provided. The storage
cluster includes a plurality of storage nodes coupled to form the
storage cluster. Each of the plurality of storage nodes has one or
more storage units and each of the one or more storage units has
random-access memory (RAM) and non-volatile solid-state storage
memory. At least a subset of the plurality of storage nodes has one
or more authorities configured to issue I/O commands and generate
tokens, wherein a token accompanies each I/O command. The token is
specific to an authority issuing the I/O command and specific to
the storage node having the authority. Each of the one or more
storage units is configured to verify the I/O commands using the
token. The token includes a signature confirming validity of the
token and the token is revocable.
[0005] In some embodiments, a storage node that authorizes I/O
(input/output) commands in a storage cluster is provided. The
storage node includes a processor and one or more storage units
having random-access memory (RAM) and non-volatile solid-state
storage memory. The processor of the storage node is configured to
issue an I/O command with a token on behalf of an authority in the
storage node, wherein the token is specific to the storage node and
the authority, the token has a signature confirming validity of the
token and wherein the token is revocable.
[0006] Other aspects and advantages of the embodiments will become
apparent from the following detailed description taken in
conjunction with the accompanying drawings which illustrate, by way
of example, the principles of the described embodiments.
BRIEF DESCRIPTION OF THE DRAWINGS
[0007] The described embodiments and the advantages thereof may
best be understood by reference to the following description taken
in conjunction with the accompanying drawings. These drawings in no
way limit any changes in form and detail that may be made to the
described embodiments by one skilled in the art without departing
from the spirit and scope of the described embodiments.
[0008] FIG. 1 is a perspective view of a storage cluster with
multiple storage nodes and internal storage coupled to each storage
node to provide network attached storage, in accordance with some
embodiments.
[0009] FIG. 2 is a block diagram showing an interconnect switch
coupling multiple storage nodes in accordance with some
embodiments.
[0010] FIG. 3 is a multiple level block diagram, showing contents
of a storage node and contents of one of the non-volatile solid
state storage units in accordance with some embodiments.
[0011] FIG. 4 depicts a storage node sending an I/O command to a
storage unit, which verifies the I/O command based on contents of
an accompanying signed token in accordance with some
embodiments.
[0012] FIG. 5 shows relationships of the token to the I/O command,
the storage node, the authority executing in the storage node, and
signers of the token in accordance with some embodiments.
[0013] FIG. 6 shows storage nodes voting to replace an authority in
accordance with some embodiments.
[0014] FIG. 7 shows assignment of an authority to a new storage
node, as a replacement authority in accordance with some
embodiments.
[0015] FIG. 8 is a flow diagram of a method for authorizing I/O
commands, which can be practiced in the storage cluster of FIG. 1
in accordance with some embodiments.
[0016] FIG. 9 is an illustration showing an exemplary computing
device which may implement the embodiments described herein.
DETAILED DESCRIPTION
[0017] The embodiments below describe a storage cluster that stores
user data, such as user data originating from one or more user or
client systems or other sources external to the storage cluster.
The storage cluster distributes user data across storage nodes
housed within a chassis, using erasure coding and redundant copies
of metadata. Erasure coding refers to a method of data protection
or reconstruction in which data is stored across a set of different
locations, such as disks, storage nodes or geographic locations.
Flash memory is one type of solid-state memory that may be
integrated with the embodiments, although the embodiments may be
extended to other types of solid-state memory or other storage
medium, including non-solid state memory. Control of storage
locations and workloads are distributed across the storage
locations in a clustered peer-to-peer system. Tasks such as
mediating communications between the various storage nodes,
detecting when a storage node has become unavailable, and balancing
I/Os (inputs and outputs) across the various storage nodes, are all
handled on a distributed basis. Data is laid out or distributed
across multiple storage nodes in data fragments or stripes that
support data recovery in some embodiments. Ownership of data can be
reassigned within a cluster, independent of input and output
patterns. This architecture described in more detail below allows a
storage node in the cluster to fail, with the system remaining
operational, since the data can be reconstructed from other storage
nodes and thus remain available for input and output operations. In
various embodiments, a storage node may be referred to as a cluster
node, a blade, or a server.
[0018] The storage cluster is contained within a chassis, i.e., an
enclosure housing one or more storage nodes. A mechanism to provide
power to each storage node, such as a power distribution bus, and a
communication mechanism, such as a communication bus that enables
communication between the storage nodes are included within the
chassis. The storage cluster can run as an independent system in
one location according to some embodiments. In one embodiment, a
chassis contains at least two instances of both the power
distribution and the communication bus which may be enabled or
disabled independently. The internal communication bus may be an
Ethernet bus, however, other technologies such as Peripheral
Component Interconnect (PCI) Express, InfiniBand, and others, are
equally suitable. The chassis provides a port for an external
communication bus for enabling communication between multiple
chassis, directly or through a switch, and with client systems. The
external communication may use a technology such as Ethernet,
InfiniBand, Fibre Channel, etc. In some embodiments, the external
communication bus uses different communication bus technologies for
inter-chassis and client communication. If a switch is deployed
within or between chassis, the switch may act as a translation
between multiple protocols or technologies. When multiple chassis
are connected to define a storage cluster, the storage cluster may
be accessed by a client using either proprietary interfaces or
standard interfaces such as network file system (NFS), common
internet file system (CIFS), small computer system interface (SCSI)
or hypertext transfer protocol (HTTP). Translation from the client
protocol may occur at the switch, chassis external communication
bus or within each storage node.
[0019] Each storage node may be one or more storage servers and
each storage server is connected to one or more non-volatile solid
state memory units, which may be referred to as storage units. One
embodiment includes a single storage server in each storage node
and between one to eight non-volatile solid state memory units,
however this one example is not meant to be limiting. The storage
server may include a processor, dynamic random access memory (DRAM)
and interfaces for the internal communication bus and power
distribution for each of the power buses. Inside the storage node,
the interfaces and storage unit share a communication bus, e.g.,
PCI Express, in some embodiments. The non-volatile solid state
memory units may directly access the internal communication bus
interface through a storage node communication bus, or request the
storage node to access the bus interface. The non-volatile solid
state memory unit contains an embedded central processing unit
(CPU), solid state storage controller, and a quantity of solid
state mass storage, e.g., between 2-32 terabytes (TB) in some
embodiments. An embedded volatile storage medium, such as DRAM, and
an energy reserve apparatus are included in the non-volatile solid
state memory unit. In some embodiments, the energy reserve
apparatus is a capacitor, super-capacitor, or battery that enables
transferring a subset of DRAM contents to a stable storage medium
in the case of power loss. In some embodiments, the non-volatile
solid state memory unit is constructed with a storage class memory,
such as phase change or magnetoresistive random access memory
(MRAM) that substitutes for DRAM and enables a reduced power
hold-up apparatus.
[0020] One of many features of the storage nodes and non-volatile
solid state storage is the ability to proactively rebuild data in a
storage cluster. The storage nodes and non-volatile solid state
storage can determine when a storage node or non-volatile solid
state storage in the storage cluster is unreachable, independent of
whether there is an attempt to read data involving that storage
node or non-volatile solid state storage. The storage nodes and
non-volatile solid state storage then cooperate to recover and
rebuild the data in at least partially new locations. This
constitutes a proactive rebuild, in that the system rebuilds data
without waiting until the data is needed for a read access
initiated from a client system employing the storage cluster. These
and further details of the storage memory and operation thereof are
discussed below.
[0021] FIG. 1 is a perspective view of a storage cluster 160, with
multiple storage nodes 150 and internal solid-state memory coupled
to each storage node to provide network attached storage or storage
area network, in accordance with some embodiments. A network
attached storage, storage area network, or a storage cluster, or
other storage memory, could include one or more storage clusters
160, each having one or more storage nodes 150, in a flexible and
reconfigurable arrangement of both the physical components and the
amount of storage memory provided thereby. The storage cluster 160
is designed to fit in a rack, and one or more racks can be set up
and populated as desired for the storage memory. The storage
cluster 160 has a chassis 138 having multiple slots 142. It should
be appreciated that chassis 138 may be referred to as a housing,
enclosure, or rack unit. In one embodiment, the chassis 138 has
fourteen slots 142, although other numbers of slots are readily
devised. For example, some embodiments have four slots, eight
slots, sixteen slots, thirty-two slots, or other suitable number of
slots. Each slot 142 can accommodate one storage node 150 in some
embodiments. Chassis 138 includes flaps 148 that can be utilized to
mount the chassis 138 on a rack. Fans 144 provide air circulation
for cooling of the storage nodes 150 and components thereof,
although other cooling components could be used, or an embodiment
could be devised without cooling components. A switch fabric 146
couples storage nodes 150 within chassis 138 together and to a
network for communication to the memory. In an embodiment depicted
in FIG. 1, the slots 142 to the left of the switch fabric 146 and
fans 144 are shown occupied by storage nodes 150, while the slots
142 to the right of the switch fabric 146 and fans 144 are empty
and available for insertion of storage node 150 for illustrative
purposes. This configuration is one example, and one or more
storage nodes 150 could occupy the slots 142 in various further
arrangements. The storage node arrangements need not be sequential
or adjacent in some embodiments. Storage nodes 150 are hot
pluggable, meaning that a storage node 150 can be inserted into a
slot 142 in the chassis 138, or removed from a slot 142, without
stopping or powering down the system. Upon insertion or removal of
storage node 150 from slot 142, the system automatically
reconfigures in order to recognize and adapt to the change.
Reconfiguration, in some embodiments, includes restoring redundancy
and/or rebalancing data or load.
[0022] Each storage node 150 can have multiple components. In the
embodiment shown here, the storage node 150 includes a printed
circuit board 158 populated by a CPU 156, i.e., processor, a memory
154 coupled to the CPU 156, and a non-volatile solid state storage
152 coupled to the CPU 156, although other mountings and/or
components could be used in further embodiments. The memory 154 has
instructions which are executed by the CPU 156 and/or data operated
on by the CPU 156. As further explained below, the non-volatile
solid state storage 152 includes flash or, in further embodiments,
other types of solid-state memory.
[0023] Referring to FIG. 1, storage cluster 160 is scalable,
meaning that storage capacity with non-uniform storage sizes is
readily added, as described above. One or more storage nodes 150
can be plugged into or removed from each chassis and the storage
cluster self-configures in some embodiments. Plug-in storage nodes
150, whether installed in a chassis as delivered or later added,
can have different sizes. For example, in one embodiment a storage
node 150 can have any multiple of 4 TB, e.g., 8 TB, 12 TB, 16 TB,
32 TB, etc. In further embodiments, a storage node 150 could have
any multiple of other storage amounts or capacities. Storage
capacity of each storage node 150 is broadcast, and influences
decisions of how to stripe the data. For maximum storage
efficiency, an embodiment can self-configure as wide as possible in
the stripe, subject to a predetermined requirement of continued
operation with loss of up to one, or up to two, non-volatile solid
state storage units 152 or storage nodes 150 within the
chassis.
[0024] FIG. 2 is a block diagram showing a communications
interconnect 170 and power distribution bus 172 coupling multiple
storage nodes 150. Referring back to FIG. 1, the communications
interconnect 170 can be included in or implemented with the switch
fabric 146 in some embodiments. Where multiple storage clusters 160
occupy a rack, the communications interconnect 170 can be included
in or implemented with a top of rack switch, in some embodiments.
As illustrated in FIG. 2, storage cluster 160 is enclosed within a
single chassis 138. External port 176 is coupled to storage nodes
150 through communications interconnect 170, while external port
174 is coupled directly to a storage node. External power port 178
is coupled to power distribution bus 172. Storage nodes 150 may
include varying amounts and differing capacities of non-volatile
solid state storage 152 as described with reference to FIG. 1. In
addition, one or more storage nodes 150 may be a compute only
storage node as illustrated in FIG. 2. Authorities 168 are
implemented on the non-volatile solid state storages 152, for
example as lists or other data structures stored in memory. In some
embodiments the authorities are stored within the non-volatile
solid state storage 152 and supported by software executing on a
controller or other processor of the non-volatile solid state
storage 152. In a further embodiment, authorities 168 are
implemented on the storage nodes 150, for example as lists or other
data structures stored in the memory 154 and supported by software
executing on the CPU 156 of the storage node 150. Authorities 168
control how and where data is stored in the non-volatile solid
state storages 152 in some embodiments. This control assists in
determining which type of erasure coding scheme is applied to the
data, and which storage nodes 150 have which portions of the data.
Each authority 168 may be assigned to a non-volatile solid state
storage 152. Each authority may control a range of inode numbers,
segment numbers, or other data identifiers which are assigned to
data by a file system, by the storage nodes 150, or by the
non-volatile solid state storage 152, in various embodiments.
[0025] Every piece of data, and every piece of metadata, has
redundancy in the system in some embodiments. In addition, every
piece of data and every piece of metadata has an owner, which may
be referred to as an authority. If that authority is unreachable,
for example through failure of a storage node, there is a plan of
succession for how to find that data or that metadata. In various
embodiments, there are redundant copies of authorities 168.
Authorities 168 have a relationship to storage nodes 150 and
non-volatile solid state storage 152 in some embodiments. Each
authority 168, covering a range of data segment numbers or other
identifiers of the data, may be assigned to a specific non-volatile
solid state storage 152. In some embodiments the authorities 168
for all of such ranges are distributed over the non-volatile solid
state storages 152 of a storage cluster. Each storage node 150 has
a network port that provides access to the non-volatile solid state
storage(s) 152 of that storage node 150. Data can be stored in a
segment, which is associated with a segment number and that segment
number is an indirection for a configuration of a RAID (redundant
array of independent disks) stripe in some embodiments. The
assignment and use of the authorities 168 thus establishes an
indirection to data. Indirection may be referred to as the ability
to reference data indirectly, in this case via an authority 168, in
accordance with some embodiments. A segment identifies a set of
non-volatile solid state storage 152 and a local identifier into
the set of non-volatile solid state storage 152 that may contain
data. In some embodiments, the local identifier is an offset into
the device and may be reused sequentially by multiple segments. In
other embodiments the local identifier is unique for a specific
segment and never reused. The offsets in the non-volatile solid
state storage 152 are applied to locating data for writing to or
reading from the non-volatile solid state storage 152 (in the form
of a RAID stripe). Data is striped across multiple units of
non-volatile solid state storage 152, which may include or be
different from the non-volatile solid state storage 152 having the
authority 168 for a particular data segment.
[0026] If there is a change in where a particular segment of data
is located, e.g., during a data move or a data reconstruction, the
authority 168 for that data segment should be consulted, at that
non-volatile solid state storage 152 or storage node 150 having
that authority 168. In order to locate a particular piece of data,
embodiments calculate a hash value for a data segment or apply an
inode number or a data segment number. The output of this operation
points to a non-volatile solid state storage 152 having the
authority 168 for that particular piece of data. In some
embodiments there are two stages to this operation. The first stage
maps an entity identifier (ID), e.g., a segment number, inode
number, or directory number to an authority identifier. This
mapping may include a calculation such as a hash or a bit mask. The
second stage is mapping the authority identifier to a particular
non-volatile solid state storage 152, which may be done through an
explicit mapping. The operation is repeatable, so that when the
calculation is performed, the result of the calculation repeatably
and reliably points to a particular non-volatile solid state
storage 152 having that authority 168. The operation may include
the set of reachable storage nodes as input. If the set of
reachable non-volatile solid state storage units changes the
optimal set changes. In some embodiments, the persisted value is
the current assignment (which is always true) and the calculated
value is the target assignment the cluster will attempt to
reconfigure towards. This calculation may be used to determine the
optimal non-volatile solid state storage 152 for an authority in
the presence of a set of non-volatile solid state storage 152 that
are reachable and constitute the same cluster. The calculation also
determines an ordered set of peer non-volatile solid state storage
152 that will also record the authority to non-volatile solid state
storage mapping so that the authority may be determined even if the
assigned non-volatile solid state storage is unreachable. A
duplicate or substitute authority 168 may be consulted if a
specific authority 168 is unavailable in some embodiments.
[0027] With reference to FIGS. 1 and 2, two of the many tasks of
the CPU 156 on a storage node 150 are to break up write data, and
reassemble read data. When the system has determined that data is
to be written, the authority 168 for that data is located as above.
When the segment ID for data is already determined the request to
write is forwarded to the non-volatile solid state storage 152
currently determined to be the host of the authority 168 determined
from the segment. The host CPU 156 of the storage node 150, on
which the non-volatile solid state storage 152 and corresponding
authority 168 reside, then breaks up or shards the data and
transmits the data out to various non-volatile solid state storage
152. The transmitted data is written as a data stripe in accordance
with an erasure coding scheme. In some embodiments, data is
requested to be pulled, and in other embodiments, data is pushed.
In reverse, when data is read, the authority 168 for the segment ID
containing the data is located as described above. The host CPU 156
of the storage node 150 on which the non-volatile solid state
storage 152 and corresponding authority 168 reside requests the
data from the non-volatile solid state storage and corresponding
storage nodes pointed to by the authority. In some embodiments the
data is read from flash storage as a data stripe. The host CPU 156
of storage node 150 then reassembles the read data, correcting any
errors (if present) according to the appropriate erasure coding
scheme, and forwards the reassembled data to the network. In
further embodiments, some or all of these tasks can be handled in
the non-volatile solid state storage 152. In some embodiments, the
segment host requests the data be sent to storage node 150 by
requesting pages from storage and then sending the data to the
storage node making the original request.
[0028] In some systems, for example in UNIX-style file systems,
data is handled with an index node or inode, which specifies a data
structure that represents an object in a file system. The object
could be a file or a directory, for example. Metadata may accompany
the object, as attributes such as permission data and a creation
timestamp, among other attributes. A segment number could be
assigned to all or a portion of such an object in a file system. In
other systems, data segments are handled with a segment number
assigned elsewhere. For purposes of discussion, the unit of
distribution is an entity, and an entity can be a file, a directory
or a segment. That is, entities are units of data or metadata
stored by a storage system. Entities are grouped into sets called
authorities. Each authority has an authority owner, which is a
storage node that has the exclusive right to update the entities in
the authority. In other words, a storage node contains the
authority, and that the authority, in turn, contains entities.
[0029] A segment is a logical container of data in accordance with
some embodiments. A segment is an address space between medium
address space and physical flash locations, i.e., the data segment
number, are in this address space. Segments may also contain
meta-data, which enable data redundancy to be restored (rewritten
to different flash locations or devices) without the involvement of
higher level software. In one embodiment, an internal format of a
segment contains client data and medium mappings to determine the
position of that data. Each data segment is protected, e.g., from
memory and other failures, by breaking the segment into a number of
data and parity shards, where applicable. The data and parity
shards are distributed, i.e., striped, across non-volatile solid
state storage 152 coupled to the host CPUs 156 (See FIG. 5) in
accordance with an erasure coding scheme. Usage of the term
segments refers to the container and its place in the address space
of segments in some embodiments. Usage of the term stripe refers to
the same set of shards as a segment and includes how the shards are
distributed along with redundancy or parity information in
accordance with some embodiments.
[0030] A series of address-space transformations takes place across
an entire storage system. At the top are the directory entries
(file names) which link to an inode. Modes point into medium
address space, where data is logically stored. Medium addresses may
be mapped through a series of indirect mediums to spread the load
of large files, or implement data services like deduplication or
snapshots. Medium addresses may be mapped through a series of
indirect mediums to spread the load of large files, or implement
data services like deduplication or snapshots. Segment addresses
are then translated into physical flash locations. Physical flash
locations have an address range bounded by the amount of flash in
the system in accordance with some embodiments. Medium addresses
and segment addresses are logical containers, and in some
embodiments use a 128 bit or larger identifier so as to be
practically infinite, with a likelihood of reuse calculated as
longer than the expected life of the system. Addresses from logical
containers are allocated in a hierarchical fashion in some
embodiments. Initially, each non-volatile solid state storage unit
152 may be assigned a range of address space. Within this assigned
range, the non-volatile solid state storage 152 is able to allocate
addresses without synchronization with other non-volatile solid
state storage 152.
[0031] Data and metadata is stored by a set of underlying storage
layouts that are optimized for varying workload patterns and
storage devices. These layouts incorporate multiple redundancy
schemes, compression formats and index algorithms. Some of these
layouts store information about authorities and authority masters,
while others store file metadata and file data. The redundancy
schemes include error correction codes that tolerate corrupted bits
within a single storage device (such as a NAND flash chip), erasure
codes that tolerate the failure of multiple storage nodes, and
replication schemes that tolerate data center or regional failures.
In some embodiments, low density parity check (LDPC) code is used
within a single storage unit. Reed-Solomon encoding is used within
a storage cluster, and mirroring is used within a storage grid in
some embodiments. Metadata may be stored using an ordered log
structured index (such as a Log Structured Merge Tree), and large
data may not be stored in a log structured layout.
[0032] In order to maintain consistency across multiple copies of
an entity, the storage nodes agree implicitly on two things through
calculations: (1) the authority that contains the entity, and (2)
the storage node that contains the authority. The assignment of
entities to authorities can be done by pseudo randomly assigning
entities to authorities, by splitting entities into ranges based
upon an externally produced key, or by placing a single entity into
each authority. Examples of pseudorandom schemes are linear hashing
and the Replication Under Scalable Hashing (RUSH) family of hashes,
including Controlled Replication Under Scalable Hashing (CRUSH). In
some embodiments, pseudo-random assignment is utilized only for
assigning authorities to nodes because the set of nodes can change.
The set of authorities cannot change so any subjective function may
be applied in these embodiments. Some placement schemes
automatically place authorities on storage nodes, while other
placement schemes rely on an explicit mapping of authorities to
storage nodes. In some embodiments, a pseudorandom scheme is
utilized to map from each authority to a set of candidate authority
owners. A pseudorandom data distribution function related to CRUSH
may assign authorities to storage nodes and create a list of where
the authorities are assigned. Each storage node has a copy of the
pseudorandom data distribution function, and can arrive at the same
calculation for distributing, and later finding or locating an
authority. Each of the pseudorandom schemes requires the reachable
set of storage nodes as input in some embodiments in order to
conclude the same target nodes. Once an entity has been placed in
an authority, the entity may be stored on physical devices so that
no expected failure will lead to unexpected data loss. In some
embodiments, rebalancing algorithms attempt to store the copies of
all entities within an authority in the same layout and on the same
set of machines.
[0033] Examples of expected failures include device failures,
stolen machines, datacenter fires, and regional disasters, such as
nuclear or geological events. Different failures lead to different
levels of acceptable data loss. In some embodiments, a stolen
storage node impacts neither the security nor the reliability of
the system, while depending on system configuration, a regional
event could lead to no loss of data, a few seconds or minutes of
lost updates, or even complete data loss.
[0034] In the embodiments, the placement of data for storage
redundancy is independent of the placement of authorities for data
consistency. In some embodiments, storage nodes that contain
authorities do not contain any persistent storage. Instead, the
storage nodes are connected to non-volatile solid state storage
units that do not contain authorities. The communications
interconnect between storage nodes and non-volatile solid state
storage units consists of multiple communication technologies and
has non-uniform performance and fault tolerance characteristics. In
some embodiments, as mentioned above, non-volatile solid state
storage units are connected to storage nodes via PCI express,
storage nodes are connected together within a single chassis using
Ethernet backplane, and chassis are connected together to form a
storage cluster. Storage clusters are connected to clients using
Ethernet or fiber channel in some embodiments. If multiple storage
clusters are configured into a storage grid, the multiple storage
clusters are connected using the Internet or other long-distance
networking links, such as a "metro scale" link or private link that
does not traverse the internet.
[0035] Authority owners have the exclusive right to modify
entities, to migrate entities from one non-volatile solid state
storage unit to another non-volatile solid state storage unit, and
to add and remove copies of entities. This allows for maintaining
the redundancy of the underlying data. When an authority owner
fails, is going to be decommissioned, or is overloaded, the
authority is transferred to a new storage node. Transient failures
make it non-trivial to ensure that all non-faulty machines agree
upon the new authority location. The ambiguity that arises due to
transient failures can be achieved automatically by a consensus
protocol such as Paxos, hot-warm failover schemes, via manual
intervention by a remote system administrator, or by a local
hardware administrator (such as by physically removing the failed
machine from the cluster, or pressing a button on the failed
machine). In some embodiments, a consensus protocol is used, and
failover is automatic. If too many failures or replication events
occur in too short a time period, the system goes into a
self-preservation mode and halts replication and data movement
activities until an administrator intervenes in accordance with
some embodiments.
[0036] As authorities are transferred between storage nodes and
authority owners update entities in their authorities, the system
transfers messages between the storage nodes and non-volatile solid
state storage units. With regard to persistent messages, messages
that have different purposes are of different types. Depending on
the type of the message, the system maintains different ordering
and durability guarantees. As the persistent messages are being
processed, the messages are temporarily stored in multiple durable
and non-durable storage hardware technologies. In some embodiments,
messages are stored in RAM, NVRAM and on NAND flash devices, and a
variety of protocols are used in order to make efficient use of
each storage medium. Latency-sensitive client requests may be
persisted in replicated NVRAM, and then later NAND, while
background rebalancing operations are persisted directly to
NAND.
[0037] Persistent messages are persistently stored prior to being
transmitted. This allows the system to continue to serve client
requests despite failures and component replacement. Although many
hardware components contain unique identifiers that are visible to
system administrators, manufacturer, hardware supply chain and
ongoing monitoring quality control infrastructure, applications
running on top of the infrastructure address virtualize addresses.
These virtualized addresses do not change over the lifetime of the
storage system, regardless of component failures and replacements.
This allows each component of the storage system to be replaced
over time without reconfiguration or disruptions of client request
processing.
[0038] In some embodiments, the virtualized addresses are stored
with sufficient redundancy. A continuous monitoring system
correlates hardware and software status and the hardware
identifiers. This allows detection and prediction of failures due
to faulty components and manufacturing details. The monitoring
system also enables the proactive transfer of authorities and
entities away from impacted devices before failure occurs by
removing the component from the critical path in some
embodiments.
[0039] FIG. 3 is a multiple level block diagram, showing contents
of a storage node 150 and contents of a non-volatile solid state
storage 152 of the storage node 150. Data is communicated to and
from the storage node 150 by a network interface controller (NIC)
202 in some embodiments. Each storage node 150 has a CPU 156, and
one or more non-volatile solid state storage 152, as discussed
above. Moving down one level in FIG. 3, each non-volatile solid
state storage 152 has a relatively fast non-volatile solid state
memory, such as nonvolatile random access memory (NVRAM) 204, and
flash memory 206. In some embodiments, NVRAM 204 may be a component
that does not require program/erase cycles (DRAM, MRAM, PCM), and
can be a memory that can support being written vastly more often
than the memory is read from. Moving down another level in FIG. 3,
the NVRAM 204 is implemented in one embodiment as high speed
volatile memory, such as dynamic random access memory (DRAM) 216,
backed up by energy reserve 218. Energy reserve 218 provides
sufficient electrical power to keep the DRAM 216 powered long
enough for contents to be transferred to the flash memory 206 in
the event of power failure. In some embodiments, energy reserve 218
is a capacitor, super-capacitor, battery, or other device, that
supplies a suitable supply of energy sufficient to enable the
transfer of the contents of DRAM 216 to a stable storage medium in
the case of power loss. The flash memory 206 is implemented as
multiple flash dies 222, which may be referred to as packages of
flash dies 222 or an array of flash dies 222. It should be
appreciated that the flash dies 222 could be packaged in any number
of ways, with a single die per package, multiple dies per package
(i.e. multichip packages), in hybrid packages, as bare dies on a
printed circuit board or other substrate, as encapsulated dies,
etc. In the embodiment shown, the non-volatile solid state storage
152 has a controller 212 or other processor, and an input output
(I/O) port 210 coupled to the controller 212. I/O port 210 is
coupled to the CPU 156 and/or the network interface controller 202
of the flash storage node 150. Flash input output (I/O) port 220 is
coupled to the flash dies 222, and a direct memory access unit
(DMA) 214 is coupled to the controller 212, the DRAM 216 and the
flash dies 222. In the embodiment shown, the I/O port 210,
controller 212, DMA unit 214 and flash I/O port 220 are implemented
on a programmable logic device (PLD) 208, e.g., a field
programmable gate array (FPGA). In this embodiment, each flash die
222 has pages, organized as sixteen kB (kilobyte) pages 224, and a
register 226 through which data can be written to or read from the
flash die 222. In further embodiments, other types of solid-state
memory are used in place of, or in addition to flash memory
illustrated within flash die 222.
[0040] Storage clusters 160, in various embodiments as disclosed
herein, can be contrasted with storage arrays in general. The
storage nodes 150 are part of a collection that creates the storage
cluster 160. Each storage node 150 owns a slice of data and
computing required to provide the data. Multiple storage nodes 150
cooperate to store and retrieve the data. Storage memory or storage
devices, as used in storage arrays in general, are less involved
with processing and manipulating the data. Storage memory or
storage devices in a storage array receive commands to read, write,
or erase data. The storage memory or storage devices in a storage
array are not aware of a larger system in which they are embedded,
or what the data means. Storage memory or storage devices in
storage arrays can include various types of storage memory, such as
RAM, solid state drives, hard disk drives, etc. The storage units
152 described herein have multiple interfaces active simultaneously
and serving multiple purposes. In some embodiments, some of the
functionality of a storage node 150 is shifted into a storage unit
152, transforming the storage unit 152 into a combination of
storage unit 152 and storage node 150. Placing computing (relative
to storage data) into the storage unit 152 places this computing
closer to the data itself. The various system embodiments have a
hierarchy of storage node layers with different capabilities. By
contrast, in a storage array, a controller owns and knows
everything about all of the data that the controller manages in a
shelf or storage devices. In a storage cluster 160, as described
herein, multiple controllers in multiple storage units 152 and/or
storage nodes 150 cooperate in various ways (e.g., for erasure
coding, data sharding, metadata communication and redundancy,
storage capacity expansion or contraction, data recovery, and so
on).
[0041] FIG. 4 depicts a storage node 150 sending an I/O command 404
to a storage unit 152, which verifies the I/O command 404 based on
contents of an accompanying signed token 406. The I/O command 404
could be a command to read data from, or write data to the storage
unit 152, e.g. involving the flash memory 206 or the NVRAM 204, or
some other command. In some embodiments, the I/O command 404 could
be a command to read or write data that is striped across the
storage units 152 in the storage cluster 160. A signed token 406
accompanies or is associated with the I/O command 404. In some
embodiments, the storage node 150 could send the I/O command 404
and the signed token 406, on behalf of the authority 402, to the
storage unit 152 via the communications interconnect 170 shown in
FIG. 2. Upon receiving the I/O command 404 and the associated
signed token 406, the storage unit 152 verifies the I/O command
404, based on contents of the token 406. A verification module 408
in the storage unit 152 performs this verification, and can be
implemented as software, firmware, hardware, or combinations
thereof. In some embodiments, the storage unit 152, using the
verification module 408, determines the contents of the token 406
and verifies the I/O command 404 without further communication from
the storage unit 152 back to originators of the token 406 and the
signature, i.e., without communicating to other storage nodes 150.
As described further below, the token may be revocable with or
without requiring further communication from the storage unit
152.
[0042] FIG. 5 shows relationships of the token 406 to the I/O
command 404, the storage node 150, the authority 402 executing in
the storage node 150, and signers 510 of the token 406 in some
embodiments. Contents of the signed token 406, in one embodiment as
depicted, include a storage node identifier 502, an authority
identifier 504, an embedded signature 506, and a timestamp 508.
Each token 406 is specific to an authority 402 and specific to the
storage node 150 in which the authority 402 resides or executes.
The storage node identifier 502, in the token 406, could be a
number or a name identifying the storage node 150 in some
embodiments. Similarly, the authority identifier 504 in the token
406 could be a number or name identifying the authority 402. For
example, the authority 402 issuing the I/O command 404 in FIG. 5 is
labeled (e.g., named) "A1", and this name could be used as the
authority identifier 504.
[0043] Still referring to FIG. 5, storage nodes 150, other than the
storage node executing the authority 402, are signers 510 of the
token 406 in some embodiments. Each of the signers 510 is a storage
node 150 or on authority 402, in various embodiments, and the
signers 510 are spread across or distributed among the storage
nodes 150 of the storage cluster 160. These signers 510 provide a
signature (which could include multiple signatures, in one
embodiment), which is then embedded in the token 406. Signing
algorithms, signing mechanisms, signatures and embedded signatures
are well known, and suitable versions of these can be selected and
applied in various embodiments. By signing the token 406, the
signers 510 are indicating that they agree that the authority 402
has ownership of data affected by the I/O command 404. This
agreement can be formed by a voting arrangement, among other
possibilities. The timestamp 508 in the token 406 could indicate
the time of creation of the token 406, the time of signing of the
token 406, the time of sending of the token 406, or some other time
value associated with the I/O command 404. There is a predefined
validity time period or interval for the timestamp 508, commencing
when the timestamp 508 is written (i.e., commencing with the value
of the timestamp 508) in some embodiments. The validity time for
the token 406 expires at the end of the validity time period or
interval. Thus, upon expiration of the validity time period token
406 is revoked. In some embodiments, token 406 may be revoked
through alternative mechanisms, e.g., under direction of a storage
node. It should be appreciated that the embodiments covers
instances where the token 406 may be revoked with or without the
need for communication to or from any storage nodes. In addition,
while the embodiments provide one example where the token is
revoked through a shared system feature such as time to avoid the
need for any external communication concerning the revocation,
other shared system features may be integrated with the
embodiments.
[0044] Referring back to FIG. 4, and with ongoing reference to FIG.
5, the verification module 408 checks the embedded signature 506 of
the token 406. For example, the embedded signature 506 could be
encrypted, and the verification module 408 could decrypt the
embedded signature 506 and compare the decrypted value to an
expected value. In some embodiments, the verification module 408
could decrypt the embedded signature 506, and compare the decrypted
value to the storage node identifier 502 and the authority
identifier 504, looking for a match. The verification module 408
also checks the timestamp 508, and looks to see if the token has
expired, e.g., compares the present time value to the timestamp 508
and the validity time period or interval. The verification module
408 can thus determine whether the I/O command 404 is valid, based
on whether the authority 402 and the storage node 150 have a right
to issue I/O commands 404 pertaining to the data to be written to
or read from the storage unit 152, whether the token 406 is
properly signed, and whether the token 406 is within the validity
time period or interval or has expired and is revoked. It should be
appreciated that while the embodiments refer to a revocable token
where the revocation is achieved without any external communication
to or from any storage nodes, this is not meant to be limiting. In
some embodiments, the token may be revoked through a mechanism
requiring the external communication.
[0045] FIG. 6 shows storage nodes 150 voting to replace an
authority 402 in some embodiments. Such voting could take place if
a storage node 150, or an authority 402, is unresponsive. Under
these circumstances, the storage cluster 160 continues to operate,
as will be described with reference to FIG. 7. In the embodiment
shown in FIG. 6, the storage nodes 150 are coupled to a voting unit
602. Voting mechanisms, algorithms and connections are well known,
and suitable versions of these can be selected and applied in
various embodiments. For example, the voting unit 602 could be
distributed and redundant across the storage nodes 150, so that the
storage cluster 160 has a type of fault tolerance and can vote when
one or more storage nodes 150 are unresponsive. The voting unit 602
is utilized by the signers 510 to determine whether or not a token
406 should be signed, in some embodiments. The storage nodes from
which the embedded signature 506 for the signed token 406
originates form a witness quorum within the storage cluster 160. In
some embodiments, the quorum of signers represents a majority of
the plurality of storage nodes.
[0046] FIG. 7 shows assignment of an authority 402 to a new storage
node 150, as a replacement authority 402. Continuing with the
scenario developed in FIGS. 4-6, the left-most storage node 150 is
shown with authorities 402 named A1, A2 . . . A4, and the middle
storage node 150 is shown as having authorities 402 named A5 . . .
A8. User data corresponding with (e.g., owned by) the authority 402
named A1 is depicted as striped across the storage units 152 (e.g.,
data labeled "A1" in each of the storage units 152), using erasure
coding. Some of the storage units 152 show user data corresponding
to other authorities, such as A2 . . . AN. In this scenario, the
authority 402 named "A1", or the storage node 150 that is executing
this authority 402, is unresponsive or unreachable. However, the
storage cluster still needs to access the user data owned by this
authority 402. The remaining storage nodes 150 vote, using the
voting unit 602 of FIG. 6, to replace the authority 402 named "A1",
i.e., to determine a replacement authority 402. The remaining
storage nodes 150 determine that a new node 150 is a suitable
location to which to relocate the authority 402 named "A1". The new
storage node 150 could be an unused (e.g., spare, not yet
allocated) storage node 150, or a storage node 150 that is
currently in use and has one or more other authorities 402. The
authority 402 is then relocated to the new storage node 150, i.e.,
the replacement authority 402 is located in the new storage node
150, and given ownership of the user data (formerly) owned by the
original authority 402 that is unresponsive or is located in an
unresponsive storage node 150. The relocated or replacement
authority 402, in the new storage node 150, is depicted as owning
the data corresponding to the authority 402 named "A1" (see arrow
pointing from replacement authority 402 to corresponding user data
in the storage unit 152 in the new storage node 150). This
relocated or replacement authority 402 can issue I/O commands 404,
with signed tokens 406, pertaining to the user data over which it
now has ownership. The new storage node 150 thus acts as a
replacement storage node 150, and the relocated authority 402 acts
as a replacement authority 402. It should be appreciated that the
user data itself does not need to be moved during this process, and
remains intact in the storage units 152. When an authority 402 is
relocated or replaced, the remaining storage nodes 150 can vote,
using the voting unit 602, to revoke any or all tokens 406 issued
by (or on behalf of) the authority 402 prior to relocation or
replacement in some embodiments. Revocation could be carried out by
sending messages to the various storage units 152, so that the
verification modules 408 are made aware of which tokens 406 are
revoked. The remaining storage nodes 150 can vote to block
communication from an authority 402 being replaced, in some
embodiments.
[0047] FIG. 8 is a flow diagram of a method for authorizing I/O
commands, which can be practiced in the storage cluster of FIG. 1
and further embodiments thereof. Some or all of the actions in the
method can be performed by various processors, such as processors
in storage nodes or processors in storage units. In an action 802,
an I/O command is generated by an authority in a storage node. For
example, the processor in a storage node could generate an I/O
command on behalf of an authority resident or executing in the
storage node. The I/O command could pertain to data striped across
storage units in the storage cluster, or data in NVRAM in a storage
unit in some embodiments. In an action 804, a token is generated
responsive to the authority initiating the I/O command and the
token is associated with the I/O command. The token is specific to
assignment of the authority and a storage node of the storage
cluster. The token has a signature by storage nodes other than the
storage node that has the authority for which the I/O command is
generated in some embodiments. The token may have a timestamp, an
authority identifier and/or a storage node identifier, among
various possibilities as discussed above.
[0048] Still referring to FIG. 8, the I/O command and the signed
token are sent from the storage node and authority to one or more
storage units, in an action 806. These could be sent as messages in
some embodiments. The I/O command is verified based on contents of
the signed token in action 808, e.g., a signature confirming
validity of the token. This verification could include checking to
see if the time of receipt of the signed token is within a
predetermined time validity period or interval of a timestamp in
the signed token, checking the signature to confirm validity of the
token, and so on. As noted above, the token is revocable and in
some embodiments the token may be self-revoking, e.g., based on a
time expiration as discussed above. The I/O command is performed by
the storage unit, upon successful verification. In a decision
action 810, it is determined whether an authority or a storage node
is unresponsive or unreachable. If none of the authorities or
storage nodes is unresponsive or unreachable, flow branches back to
the action 802, for more I/O commands and repeats as described
above. If an authority or a storage node is unresponsive, flow
proceeds to the action 812. In the action 812, there is a vote to
relocate or replace such an authority. Relocating or replacing an
authority can be performed as discussed above with reference to
FIG. 7 in some embodiments. Communication from the authority being
replaced is blocked, in an action 814. One or more tokens from the
authority being replaced are revoked, in an action 816. The
revocation of the one or more tokens may be without any further
external communication to or from the storage nodes or storage
units in some embodiments, as discussed above. Flow then proceeds
back to the action 802, to generate an I/O command (by one of the
existing authorities, and/or by the relocated or replacement
authority).
[0049] It should be appreciated that the methods described herein
may be performed with a digital processing system, such as a
conventional, general-purpose computer system. Special purpose
computers, which are designed or programmed to perform only one
function may be used in the alternative. FIG. 9 is an illustration
showing an exemplary computing device which may implement the
embodiments described herein. The computing device of FIG. 9 may be
used to perform embodiments of the functionality for a storage node
or a non-volatile solid state storage in accordance with some
embodiments. The computing device includes a central processing
unit (CPU) 901, which is coupled through a bus 905 to a memory 903,
and mass storage device 907. Mass storage device 907 represents a
persistent data storage device such as a disc drive, which may be
local or remote in some embodiments. The mass storage device 907
could implement a backup storage, in some embodiments. Memory 903
may include read only memory, random access memory, etc.
Applications resident on the computing device may be stored on or
accessed via a computer readable medium such as memory 903 or mass
storage device 907 in some embodiments. Applications may also be in
the form of modulated electronic signals modulated accessed via a
network modem or other network interface of the computing device.
It should be appreciated that CPU 901 may be embodied in a
general-purpose processor, a special purpose processor, or a
specially programmed logic device in some embodiments.
[0050] Display 911 is in communication with CPU 901, memory 903,
and mass storage device 907, through bus 905. Display 911 is
configured to display any visualization tools or reports associated
with the system described herein. Input/output device 909 is
coupled to bus 905 in order to communicate information in command
selections to CPU 901. It should be appreciated that data to and
from external devices may be communicated through the input/output
device 909. CPU 901 can be defined to execute the functionality
described herein to enable the functionality described with
reference to FIGS. 1-8. The code embodying this functionality may
be stored within memory 903 or mass storage device 907 for
execution by a processor such as CPU 901 in some embodiments. The
operating system on the computing device may be MS-WINDOWS.TM.,
UNIX.TM., LINUX.TM., iOS.TM., CentOS.TM., Android.TM., Redhat
Linux.TM., z/OS.TM., or other known operating systems. It should be
appreciated that the embodiments described herein may be integrated
with virtualized computing system also.
[0051] Detailed illustrative embodiments are disclosed herein.
However, specific functional details disclosed herein are merely
representative for purposes of describing embodiments. Embodiments
may, however, be embodied in many alternate forms and should not be
construed as limited to only the embodiments set forth herein.
[0052] It should be understood that although the terms first,
second, etc. may be used herein to describe various steps or
calculations, these steps or calculations should not be limited by
these terms. These terms are only used to distinguish one step or
calculation from another. For example, a first calculation could be
termed a second calculation, and, similarly, a second step could be
termed a first step, without departing from the scope of this
disclosure. As used herein, the term "and/or" and the "/" symbol
includes any and all combinations of one or more of the associated
listed items.
[0053] As used herein, the singular forms "a", "an" and "the" are
intended to include the plural forms as well, unless the context
clearly indicates otherwise. It will be further understood that the
terms "comprises", "comprising", "includes", and/or "including",
when used herein, specify the presence of stated features,
integers, steps, operations, elements, and/or components, but do
not preclude the presence or addition of one or more other
features, integers, steps, operations, elements, components, and/or
groups thereof. Therefore, the terminology used herein is for the
purpose of describing particular embodiments only and is not
intended to be limiting.
[0054] It should also be noted that in some alternative
implementations, the functions/acts noted may occur out of the
order noted in the figures. For example, two figures shown in
succession may in fact be executed substantially concurrently or
may sometimes be executed in the reverse order, depending upon the
functionality/acts involved.
[0055] With the above embodiments in mind, it should be understood
that the embodiments might employ various computer-implemented
operations involving data stored in computer systems. These
operations are those requiring physical manipulation of physical
quantities. Usually, though not necessarily, these quantities take
the form of electrical or magnetic signals capable of being stored,
transferred, combined, compared, and otherwise manipulated.
Further, the manipulations performed are often referred to in
terms, such as producing, identifying, determining, or comparing.
Any of the operations described herein that form part of the
embodiments are useful machine operations. The embodiments also
relate to a device or an apparatus for performing these operations.
The apparatus can be specially constructed for the required
purpose, or the apparatus can be a general-purpose computer
selectively activated or configured by a computer program stored in
the computer. In particular, various general-purpose machines can
be used with computer programs written in accordance with the
teachings herein, or it may be more convenient to construct a more
specialized apparatus to perform the required operations.
[0056] A module, an application, a layer, an agent or other
method-operable entity could be implemented as hardware, firmware,
or a processor executing software, or combinations thereof. It
should be appreciated that, where a software-based embodiment is
disclosed herein, the software can be embodied in a physical
machine such as a controller. For example, a controller could
include a first module and a second module. A controller could be
configured to perform various actions, e.g., of a method, an
application, a layer or an agent.
[0057] The embodiments can also be embodied as computer readable
code on a non-transitory computer readable medium. The computer
readable medium is any data storage device that can store data,
which can be thereafter read by a computer system. Examples of the
computer readable medium include hard drives, network attached
storage (NAS), read-only memory, random-access memory, CD-ROMs,
CD-Rs, CD-RWs, magnetic tapes, and other optical and non-optical
data storage devices. The computer readable medium can also be
distributed over a network coupled computer system so that the
computer readable code is stored and executed in a distributed
fashion. Embodiments described herein may be practiced with various
computer system configurations including hand-held devices,
tablets, microprocessor systems, microprocessor-based or
programmable consumer electronics, minicomputers, mainframe
computers and the like. The embodiments can also be practiced in
distributed computing environments where tasks are performed by
remote processing devices that are linked through a wire-based or
wireless network.
[0058] Although the method operations were described in a specific
order, it should be understood that other operations may be
performed in between described operations, described operations may
be adjusted so that they occur at slightly different times or the
described operations may be distributed in a system which allows
the occurrence of the processing operations at various intervals
associated with the processing.
[0059] In various embodiments, one or more portions of the methods
and mechanisms described herein may form part of a cloud-computing
environment. In such embodiments, resources may be provided over
the Internet as services according to one or more various models.
Such models may include Infrastructure as a Service (IaaS),
Platform as a Service (PaaS), and Software as a Service (SaaS). In
IaaS, computer infrastructure is delivered as a service. In such a
case, the computing equipment is generally owned and operated by
the service provider. In the PaaS model, software tools and
underlying equipment used by developers to develop software
solutions may be provided as a service and hosted by the service
provider. SaaS typically includes a service provider licensing
software as a service on demand. The service provider may host the
software, or may deploy the software to a customer for a given
period of time. Numerous combinations of the above models are
possible and are contemplated.
[0060] Various units, circuits, or other components may be
described or claimed as "configured to" perform a task or tasks. In
such contexts, the phrase "configured to" is used to connote
structure by indicating that the units/circuits/components include
structure (e.g., circuitry) that performs the task or tasks during
operation. As such, the unit/circuit/component can be said to be
configured to perform the task even when the specified
unit/circuit/component is not currently operational (e.g., is not
on). The units/circuits/components used with the "configured to"
language include hardware--for example, circuits, memory storing
program instructions executable to implement the operation, etc.
Reciting that a unit/circuit/component is "configured to" perform
one or more tasks is expressly intended not to invoke 35 U.S.C.
112, sixth paragraph, for that unit/circuit/component.
Additionally, "configured to" can include generic structure (e.g.,
generic circuitry) that is manipulated by software and/or firmware
(e.g., an FPGA or a general-purpose processor executing software)
to operate in manner that is capable of performing the task(s) at
issue. "Configured to" may also include adapting a manufacturing
process (e.g., a semiconductor fabrication facility) to fabricate
devices (e.g., integrated circuits) that are adapted to implement
or perform one or more tasks.
[0061] The foregoing description, for the purpose of explanation,
has been described with reference to specific embodiments. However,
the illustrative discussions above are not intended to be
exhaustive or to limit the invention to the precise forms
disclosed. Many modifications and variations are possible in view
of the above teachings. The embodiments were chosen and described
in order to best explain the principles of the embodiments and its
practical applications, to thereby enable others skilled in the art
to best utilize the embodiments and various modifications as may be
suited to the particular use contemplated. Accordingly, the present
embodiments are to be considered as illustrative and not
restrictive, and the invention is not to be limited to the details
given herein, but may be modified within the scope and equivalents
of the appended claims.
* * * * *